There is; I'll have to work on the SQL statement later today for you.
What's the ID of your network offering that you are using?

Thanks,
Matt 


On 4/23/13 9:56 AM, "David Ortiz" <dpor...@outlook.com> wrote:

>Matt,
>    That sounds like exactly what I am going for.  Is there a way to
>disable dns on a network/virtual router that already exists, or would I
>need to do this prior to creating the zone?
>Thanks,
>David
>
>> From: mathias.mull...@citrix.com
>> To: users@cloudstack.apache.org
>> Subject: Re: Using different DNS for guests than Virtual Router
>> Date: Tue, 23 Apr 2013 16:04:02 +0000
>> 
>> David, 
>> 
>> I've done a lot of installs with AD. Your best bet is to just remove
>> the DNS function from the virtual router. Leave DHCP in place, don't
>> have that be taken over by external DHCP as it will cause issues.
>> 
>> Also tweaking the dnsmasq is a short term fix as it will only go away
>> once the VR reboots.
>> 
>> Once you remove DNS, you then set your public and private DNS in the
>> zone to your active directory servers. That will automatically filter
>> down to the VMs and you'll get the desired results.
>> 
>> Hope this helps,
>> Matt 
>> 
>> 
>> On 4/23/13 8:51 AM, "David Ortiz" <dpor...@outlook.com> wrote:
>> 
>> >Hello Ahmad,
>> >      That was my initial attempt.  The issue I ran into was that the
>> >dnsmasq settings on the Virtual Router seem to block the traffic that
>> >was required for the machine to join the domain.  I played around with
>> >the settings a little bit and was able to get it to find the domain, so
>> >I would imagine that I could tweak it some more to not be an issue.
>> >However, any changes I make on the virtual router only last until it is
>> >restarted, so without a way to make those permanent I have to
>> >circumvent it entirely.  The blog post that Murali linked for how to
>> >set up a network without DHCP and DNS seems like it was probably the
>> >correct way to do it, but as far as I can tell would require me to
>> >start my zone from scratch, so I am trying to avoid that if possible.
>> >Thanks,
>> >David Ortiz
>> >
>> >> CC: users@cloudstack.apache.org
>> >> From: aemne...@gmail.com
>> >> Subject: Re: Using different DNS for guests than Virtual Router
>> >> Date: Tue, 23 Apr 2013 08:49:06 -0700
>> >> To: users@cloudstack.apache.org
>> >> 
>> >> Coming from someone that has no clue about active directory... If
>> >> you're using a basic zone, why don't you have the AD server deployed
>> >> outside of cloudstack's control? Then have your dns entries point to
>> >> it. Have the default security group for guests open to the ports AD
>> >> works on.
>> >> 
>> >> Ahmad
>> >> 
>> >> On Apr 22, 2013, at 1:42 PM, David Ortiz <dpor...@outlook.com> wrote:
>> >> 
>> >> > Hello,
>> >> >    I am trying to set up a Windows AD server as a guest on my
>> >> > cloudstack cluster, and join my other guests to the domain it is
>> >> > serving using PowerBroker Identity Services Open.  From what I am
>> >> > seeing, the virtual router will block me from being able to perform
>> >> > nslookup or join the domain using the domainjoin-cli command.  If I
>> >> > modify /etc/resolv.conf to point directly at my DC as the dns
>> >> > server, it can join the domain without any issues.  Unfortunately
>> >> > when I reboot, the dhcp setup with the virtual router will point it
>> >> > back to the virtual router as the name server.  I also found that I
>> >> > could get nslookup (but not joining the domain) to work by playing
>> >> > with the dnsmasq.conf settings on the virtual router a little bit,
>> >> > which works until it is rebooted at which point they revert back to
>> >> > what they had been originally.  Is there a way to get the virtual
>> >> > router to point guests at the domain controller as the DNS, or to
>> >> > set up the dnsmasq to allow the AD joins to occur (and make those
>> >> > settings persistent)?  Or alternatively, would I be able to set up
>> >> > DHCP on the DC and just circumvent the virtual router entirely?
>> >> > Thanks,
>> >> >     David Ortiz
>> >                                      
>> 
>                                         
